lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <tencent_DBDF1933CFD60D9B25D30DB592655DEFDD07@qq.com>
Date: Wed,  5 Mar 2025 08:55:56 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+8f9f411152c9539f4e59@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [xfs?] [mm?] WARNING: bad unlock balance in __mm_populate

#syz test

diff --git a/mm/gup.c b/mm/gup.c
index 3883b307780e..66c28dea091f 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -1434,6 +1434,7 @@ static long __get_user_pages(struct mm_struct *mm,
 
 	VM_BUG_ON(!!pages != !!(gup_flags & (FOLL_GET | FOLL_PIN)));
 
+	printk("mm: %p, map lock held: %d, locked: %d, %s\n", mm, lockdep_is_held(&mm->mmap_lock), *locked, __func__);
 	do {
 		struct page *page;
 		unsigned int page_increm;
@@ -1469,6 +1470,7 @@ static long __get_user_pages(struct mm_struct *mm,
 
 			if (!vma) {
 				ret = -EFAULT;
+				printk("mm1: %p, map held lock: %d, vma: %p, %s\n", mm, lockdep_is_held(&mm->mmap_lock), vma, __func__);
 				goto out;
 			}
 			ret = check_vma_flags(vma, gup_flags);
@@ -1484,7 +1486,9 @@ static long __get_user_pages(struct mm_struct *mm,
 			ret = -EINTR;
 			goto out;
 		}
+		printk("<before resched> mm: %p, map lock held: %d, %s\n", mm, lockdep_is_held(&mm->mmap_lock), __func__);
 		cond_resched();
+		printk("<after resched> mm: %p, map lock held: %d, %s\n", mm, lockdep_is_held(&mm->mmap_lock), __func__);
 
 		page = follow_page_mask(vma, start, gup_flags, &ctx);
 		if (!page || PTR_ERR(page) == -EMLINK) {
@@ -1500,6 +1504,7 @@ static long __get_user_pages(struct mm_struct *mm,
 			case -EFAULT:
 			case -ENOMEM:
 			case -EHWPOISON:
+				printk("mm2: %p, map held lock: %d, vma: %p, ret: %d, %s\n", mm, lockdep_is_held(&mm->mmap_lock), vma, ret, __func__);
 				goto out;
 			}
 			BUG();
@@ -1552,6 +1557,7 @@ static long __get_user_pages(struct mm_struct *mm,
 					 */
 					gup_put_folio(folio, 1, gup_flags);
 					ret = -EFAULT;
+					printk("mm3: %p, map held lock: %d, folio: %p, %s\n", mm, lockdep_is_held(&mm->mmap_lock), folio, __func__);
 					goto out;
 				}
 			}
@@ -2029,7 +2035,12 @@ int __mm_populate(unsigned long start, unsigned long len, int ignore_errors)
 		 * double checks the vma flags, so that it won't mlock pages
 		 * if the vma was already munlocked.
 		 */
+		printk("1mm: %p, vma: %p, mmap lock held: %d, locked: %d, vma is acc: %d, %s\n",
+			mm, vma, lockdep_is_held(&mm->mmap_lock), locked, vma_is_accessible(vma), __func__);
 		ret = populate_vma_page_range(vma, nstart, nend, &locked);
+		printk("mm: %p, vma: %p, mmap lock held: %d, locked: %d, ret: %ld, mm addr is valid: %d, %s\n",
+			mm, vma, lockdep_is_held(&mm->mmap_lock), locked, ret, virt_addr_valid((void*)mm), __func__);
+
 		if (ret < 0) {
 			if (ignore_errors) {
 				ret = 0;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ